1 /* Enter a network namespace.
2    Copyright (C) 2016-2022 Free Software Foundation, Inc.
3    This file is part of the GNU C Library.
4 
5    The GNU C Library is free software; you can redistribute it and/or
6    modify it under the terms of the GNU Lesser General Public
7    License as published by the Free Software Foundation; either
8    version 2.1 of the License, or (at your option) any later version.
9 
10    The GNU C Library is distributed in the hope that it will be useful,
11    but WITHOUT ANY WARRANTY; without even the implied warranty of
12    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
13    Lesser General Public License for more details.
14 
15    You should have received a copy of the GNU Lesser General Public
16    License along with the GNU C Library; if not, see
17    <https://www.gnu.org/licenses/>.  */
18 
19 #include <support/namespace.h>
20 
21 #include <net/if.h>
22 #include <sched.h>
23 #include <stdio.h>
24 #include <string.h>
25 #include <support/check.h>
26 #include <support/xsocket.h>
27 #include <support/xunistd.h>
28 #include <sys/ioctl.h>
29 #include <unistd.h>
30 
31 static bool in_uts_namespace;
32 
33 bool
support_enter_network_namespace(void)34 support_enter_network_namespace (void)
35 {
36 #ifdef CLONE_NEWUTS
37   if (unshare (CLONE_NEWUTS) == 0)
38     in_uts_namespace = true;
39   else
40     printf ("warning: unshare (CLONE_NEWUTS) failed: %m\n");
41 #endif
42 
43 #ifdef CLONE_NEWNET
44   if (unshare (CLONE_NEWNET) == 0)
45     {
46       /* Bring up the loopback interface.  */
47       int fd = xsocket (AF_UNIX, SOCK_DGRAM | SOCK_CLOEXEC, 0);
48       struct ifreq req;
49       strcpy (req.ifr_name, "lo");
50       TEST_VERIFY_EXIT (ioctl (fd, SIOCGIFFLAGS, &req) == 0);
51       bool already_up = req.ifr_flags & IFF_UP;
52       if (already_up)
53         /* This means that we likely have not achieved isolation from
54            the parent namespace.  */
55         printf ("warning: loopback interface already exists"
56                 " in new network namespace\n");
57       else
58         {
59           req.ifr_flags |= IFF_UP | IFF_RUNNING;
60           TEST_VERIFY_EXIT (ioctl (fd, SIOCSIFFLAGS, &req) == 0);
61         }
62       xclose (fd);
63 
64       return !already_up;
65     }
66 #endif
67   printf ("warning: could not enter network namespace\n");
68   return false;
69 }
70 
71 bool
support_in_uts_namespace(void)72 support_in_uts_namespace (void)
73 {
74   return in_uts_namespace;
75 }
76